DNS / AD Replication Failure

DNS no access / Domain controllers not able to replicate

DNS zones do not load

AD sync logon failure: the target account name is incorrect

DNS access denied

This issue first presented itself on a single Exchange server, which reported a trust relationship failure. On investigation, DNS was found not to be working: on both DNS servers, nslookup reported the server as Unknown.

Forcing a replication from the primary DC to the secondary failed with an RPC error. (PDC and BDC below refer to the domain controller holding the PDC emulator role and the second writable domain controller; Active Directory has no true backup DC, every writable DC holds a full copy of the directory.)

The backup DC had no drive space left. Freeing space did not clear the issue, and no number of reboots or service restarts resolved it.

The first step is to stop the KDC (Kerberos Key Distribution Center) service on the PDC, then run the following on it:

netdom resetpwd /server:<PDC.domain.com> /userd:<Domain\domain_admin> /passwordd:*

Yes, this is resetting the password on itself: netdom resetpwd changes the machine account password of the computer it is run on, and /server: names the domain controller the change is written to. /passwordd:* prompts for the password rather than taking it on the command line.

That server is rebooted. Once it is back up, stop the KDC service on the BDC, run the same command there, and reboot it as well.

DNS will now work.

Under AD Sites and Services, replication can now be forced from the PDC to the BDC.

Any remaining non-DC servers and PCs can then be rebooted, and the issue is resolved.
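The checks and the recovery steps above, as an added PowerShell example that is not part of the original post. The domain name (corp.example), the DC names (DC1 as PDC emulator, DC2), the admin account (CORP\domain_admin) and the script name are assumptions; the commands it wraps (Stop-Service, netdom resetpwd, repadmin, nltest, Resolve-DnsName) are the standard tools present on a domain controller.

```powershell
<#
  Added example (not from the original post): the recovery procedure above,
  wrapped so each step is checked before the next one runs.
  Assumptions (substitute your own): domain corp.example, DCs DC1 (PDC
  emulator) and DC2, admin account CORP\domain_admin. Run elevated on the DC
  whose machine account password is being reset.
#>
param(
    [ValidateSet('Check', 'Reset', 'Sync')]
    [string]$Phase     = 'Check',
    [string]$Domain    = 'corp.example',        # assumed domain
    [string]$WriteTo   = 'DC1.corp.example',    # assumed /server: target
    [string]$AdminUser = 'CORP\domain_admin'    # assumed account
)

function Test-DcHealth {
    param([string]$Domain)
    # Symptom 1: DNS not answering. The post saw nslookup report "Unknown";
    # Resolve-DnsName fails the same way when the local resolver is dead.
    Write-Host "== DNS: $Domain =="
    try {
        Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop |
            Format-Table Name, IPAddress -AutoSize
    } catch {
        Write-Warning "DNS lookup for $Domain failed: $($_.Exception.Message)"
    }

    # Symptom 2: replication failing with RPC errors. repadmin ships on every DC.
    Write-Host '== Replication summary =='
    repadmin /replsummary

    # Symptom 3: the second DC had run out of disk.
    Write-Host '== Free disk space =='
    Get-PSDrive -PSProvider FileSystem |
        Where-Object Used |
        Format-Table Name, @{ n = 'FreeGB'; e = { [math]::Round($_.Free / 1GB, 1) } } -AutoSize
}

function Reset-DcMachinePassword {
    param([string]$WriteTo, [string]$AdminUser)
    # Step 1: the KDC must not be issuing tickets while this DC's own account
    # password changes underneath it. It starts again on the reboot that follows.
    Stop-Service -Name Kdc -Force
    Write-Host "KDC service state: $((Get-Service -Name Kdc).Status)"

    # Step 2: netdom resetpwd resets the machine account password of the
    # computer it runs on; /server: names the DC the change is written to
    # (the post points it at the PDC itself). /passwordd:* prompts for the
    # password so it never appears on the command line or in logs.
    & netdom resetpwd "/server:$WriteTo" "/userd:$AdminUser" '/passwordd:*'
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed with exit code $LASTEXITCODE"
    }
    Write-Host 'Machine account password reset. Reboot this DC now (Restart-Computer).'
}

function Sync-Replication {
    param([string]$Domain)
    # Equivalent of "Replicate Now" in AD Sites and Services, for every partition:
    # /A all partitions, /e across sites, /P push from this DC to its partners.
    repadmin /syncall /AeP
    repadmin /replsummary
    # Confirm this DC's secure channel to the domain is healthy again.
    nltest "/sc_verify:$Domain"
}

switch ($Phase) {
    'Check' { Test-DcHealth -Domain $Domain }
    'Reset' {
        Test-DcHealth -Domain $Domain
        Reset-DcMachinePassword -WriteTo $WriteTo -AdminUser $AdminUser
    }
    'Sync'  {
        Sync-Replication -Domain $Domain
        Test-DcHealth -Domain $Domain
    }
}
```

Usage, following the order in the post: on the PDC run `.\Repair-DcTrust.ps1 -Phase Reset` (script name assumed) and reboot when told to; then on the BDC run the same with `-WriteTo` pointing at the DC you want the change written to, and reboot it; finally run `.\Repair-DcTrust.ps1 -Phase Sync` on the PDC, which forces replication and re-runs the DNS and disk checks so you can see that all three symptoms have cleared before rebooting the member servers.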
